Author: Editor

Ditch the Passwords: Why Passkeys Are the Future of Online Security
By in

Ditch the Passwords: Why Passkeys Are the Future of Online Security

Tired of juggling dozens of passwords—or worse, reusing the same one across multiple sites? You’re not alone. But the good news is that passwords may soon be a thing of the past. Enter passkeys, a new, more secure way to log in that’s easier for you and harder for hackers.

What Is a Passkey?

A passkey is a digital credential that lets you sign in to websites and apps without needing a traditional password. Instead of relying on something you know (like a password), passkeys use a combination of something you have (like your phone or computer) and something you are (like a fingerprint or facial recognition).

Passkeys are based on public key cryptography, a tried-and-true method used to protect sensitive data online.

How Are Passkeys Generated?

When you create a passkey for a website or app:

  • Your device generates a key pair: a public key and a private key.
  • The public key is stored with the website or app.
  • The private key stays safely on your device and is never shared.

When you try to log in again, the website sends a challenge to your device. If your device can solve the challenge using the private key (confirmed with Face ID, Touch ID, or your device PIN), you’re in.

No password. No phishing. No problem.

The Benefits of Passkeys

  • Stronger security: Passkeys are resistant to phishing, credential stuffing, and brute-force attacks.
  • Convenience: No need to remember or manage passwords.
  • Fast sign-in: Face ID, fingerprint, or device unlock is all it takes.
  • Cross-device sync: Passkeys can sync securely across devices via services like iCloud Keychain or Google Password Manager.

The Risks of Passwords

Passwords have been the weak link in digital security for years:

  • Reused passwords make it easy for hackers to break into multiple accounts.
  • Weak passwords can be cracked by brute-force attacks.
  • Phishing scams can trick users into handing over login credentials.
  • Password databases can be stolen in data breaches, exposing millions of users.

Even with tools like password managers, the risks persist.

Are Passkeys Safe?

Yes – very safe. Because your private key never leaves your device, there’s nothing for hackers to steal or intercept. And since you don’t type anything in, there’s nothing to phish.

Major tech companies—including Apple, Google, Microsoft, and many others—are rapidly adopting passkeys as the new standard for authentication.

Can I Still use a Password if I have a Passkey?

Yes, you can still use a password, even if you have a passkey. Password managers like LastPass support both passwords and passkeys, so you have flexibility in how you access your vault.

What Should You Do Now?

  • Start using passkeys where they’re available. Many popular sites and services now support them.
  • Make sure your devices support biometric logins like fingerprint or facial recognition.
  • Use a reputable passkey manager like Apple’s iCloud Keychain or Google Password Manager to sync across your devices.

Not Ready for Passkeys? Use a Password Manager

If you’re not using passkeys yet, the next best step you can take is to use a reputable password manager, such as LastPass.

LastPass helps you:

  • Generate strong, unique passwords for every account.
  • Store them securely in an encrypted vault.
  • Automatically fill them in across devices for easy access.

Even better, LastPass now supports passkeys, allowing you to:

  • Create passkeys for compatible websites and apps.
  • Store them securely alongside your traditional passwords.
  • Use biometric authentication (like Face ID or fingerprint) to log in with ease.

It’s a seamless way to start transitioning to a more secure, password-free future, without giving up convenience.

Device Code Phishing
By in

Device Code Phishing

Don’t Fall for Device Code Phishing!

The Latest Trick from Cybercriminals

Cybercriminals never stop innovating, and their latest scam targets something you might not expect: the login process on your smart TVs, streaming devices, and even workplace tools. It’s called device code phishing, and it’s designed to trick you into handing over your login credentials through a process that looks completely legitimate.

Here’s what you need to know to stay safe.

What Is Device Code Phishing?

You’ve likely seen it before: a screen on your device that says something like,

“Visit example.com/activate and enter this code to sign in.”

This is known as a device authorization flow, and it’s a normal part of logging into apps on devices that don’t have a keyboard. It’s used by Netflix, Microsoft 365, Google, and more.

But now, attackers are copying that process to phish for your login info. Instead of a real activation page, they set up fake websites that look like the real thing, hoping you’ll enter your code and credentials.

Once you do, they instantly use those credentials on the real service to hijack your account.

How Does the Scam Work?

  1. You’re prompted with a real-looking activation screen. It may appear on a smart TV, streaming device, or even through a pop-up in a phishing email.
  2. You visit the link and enter the code. But instead of going to a real site like hulu.com/activate, you’re sent to something like hululogin-verify.com, which is a site controlled by hackers.
  3. They capture your login info. And now they have access to your streaming account, cloud tools, or even work systems.

Why It’s So Dangerous

  • It looks totally legit. These scams mimic real services and processes you trust.
  • It bypasses traditional phishing defenses. Since the actual login happens on a separate device, you might not even realize something went wrong.
  • It can lead to serious data breaches. If they get into your work or personal accounts, they may access sensitive info, financial data, or worse.

How to Protect Yourself

  • Double-check all URLs.  Legitimate activation links should be short and familiar (e.g., netflix.com/activate, not netflix-support.tv).
  • Don’t scan QR codes or follow links from unexpected sources.  Always verify directly on the device.
  • Use multi-factor authentication (MFA) such as DUO by Cisco.  Even if attackers get your password, MFA can stop them cold.
  • Stay skeptical of pop-ups.  Especially if they appear out of context or ask you to act fast.
  • Educate your family and employees.  The more people who recognize this scam, the less damage it can do.

Citynet’s Commitment to Your Security

At Citynet, we know that awareness is your first line of defense against cyber threats. That’s why we regularly share information about the latest scams and security tips, like device code phishing, on our blog and on Facebook and LinkedIn.

For businesses, we go a step further. Our CyberSuite includes powerful tools like security awareness training from KnowBe4, helping your team spot and avoid threats before they cause harm.

If your organization is ready to get serious about cybersecurity, Citynet is ready to help.

Watch Out for Browser-in-Browser Attacks: The Pop-Up That Isn’t What It Seems
By in

Watch Out for Browser-in-Browser Attacks: The Pop-Up That Isn’t What It Seems

Cybercriminals never stop devising new tricks, and one of their latest is so convincing that it can fool even the savviest internet users. It’s called a Browser-in-Browser attack (or BiB attack), and if you’ve ever clicked a login pop-up while signing into a website, you could be a target.

What is a Browser-in-Browser Attack?

Many websites let you log in using a service like Google, Microsoft, or Facebook. You click a button, a login pop-up appears, and you type in your password. Simple, right?

But with a Browser-in-Browser attack, that login window isn’t real; it’s a fake window designed to look exactly like the real thing. The attacker builds a lookalike login box directly inside the web page, tricking you into entering your real credentials.

Once you hit “Submit,” your login details are instantly sent to the attacker, giving them access to your account.

How Can You Tell If a Pop-Up Window Is Fake?

Detecting a BiB attack takes a sharp eye, but these signs can help:

  • Examine login windows closely
    If the design, wording, or layout looks even slightly off, pause. Something may be wrong.
  • Test the window’s behavior
    Try to resize, minimize, or drag the window off your screen. If it doesn’t behave like a normal browser pop-up, it may be a fake.
  • Check the URL
    Real login windows come from the official site. If you’re unsure, open a new browser tab and log in directly; never trust a pop-up you weren’t expecting.

How to Stay Protected

  • Use Multi-Factor Authentication (MFA)
    MFA adds an extra step to your login process, making it much harder for attackers to break in, even if they steal your password.
  • Avoid third-party logins
    It may be convenient to sign in with your Google or Facebook account, but it creates a single point of failure. If one account is compromised, everything connected to it is at risk.
  • Use a password manager
    A password manager can help you create and store strong, unique passwords for every site and app, without having to remember them all.
  • Never reuse passwords
    Repeating the same password across sites is risky. One breach can give attackers access to your entire digital life.
  • Keep your software up to date
    Browser and OS updates often include critical security patches that help protect against attacks like BiB.

Stay Sharp, Stay Safe

Browser-in-Browser attacks are clever, convincing, and becoming more common. But with awareness and a few smart habits like using strong, unique passwords and avoiding third-party logins, you can stay one step ahead.

At Citynet, we don’t just connect you, we help protect you. Whether you’re a home user or running a business, we’re here with real solutions to keep your digital life secure.

Spring Tech Tips 2025
By in

Spring Tech Tips 2025

Time to sweep out the cobwebs – digitally! These spring tech tips will help you declutter your devices, strengthen your security, and start the season fresh.

Icon Digital Image

Clear Out Digital Clutter

  • Remove unused apps and files: Free up space on your devices by deleting what you no longer need.
  • Clean your browser cache and history: Speed up your browsing and protect your privacy.
  • Declutter your online storage: Delete duplicates, old emails, and unused subscriptions.
  • Tidy up your inbox: Archive or delete emails you no longer need.
  • Organize your desktop: Group files into folders to reduce digital chaos.

Icon Lock Image

Stay Updated

  • Install the latest software and security updates: Protect yourself with current patches and features.
  • Update your browser and apps: Stay fast and secure with the newest versions.

Icon Passwords Image

Strengthen Your Security

  • Change your passwords regularly: Prioritize accounts with sensitive info.
  • Use a password manager: Create and store strong, unique passwords for each account.
  • Turn on two-factor authentication: Add an extra layer of protection.

Icon Broom Image

Physically Clean Your Devices

  • Wipe screens with a microfiber cloth: Use distilled water or a screen-safe cleaner.
  • Use compressed air on your keyboard: Blow out dust and crumbs.
  • Clean ports and connectors: A soft brush or cotton swab does the trick.

Icon Cloud Image

Organize and Back Up

  • Reorganize cloud storage: Create folders to keep files easy to find.
  • Delete what you don’t need: Ditch digital clutter you’ve been ignoring.
  • Back up important data: Use an external drive or secure cloud backup.

Know someone who could use a digital spring cleaning? Be sure to share this page with them!

Citynet Connects, Protects, and Perfects!

The Rise of Malvertising
By in

The Rise of Malvertising

What You Need to Know...and How to Stay Safe

You’ve probably done it a hundred times: typed something into Google, clicked on the top result, and went about your day. But what if that top result wasn’t what it seemed? What if it was dangerous?

Welcome to the new world of malvertising – a growing threat that’s catching both everyday users and businesses off guard.

What Is Malvertising?

Malvertising (short for malicious advertising) is when cybercriminals pay to place ads that look legitimate – but secretly deliver malware, phishing links, or spyware. These ads often appear on trustworthy sites, including search engines like Google, where you’d expect the content to be safe.

The scary part? You don’t even need to visit a sketchy website anymore. Hackers are buying ad space in all the usual places you go – making it harder than ever to tell the difference between safe and suspicious.

Why It’s a Bigger Deal Now

Recently, cybersecurity experts have seen a surge in malvertising on Google Search. These ads are designed to look exactly like real search results, often impersonating popular brands or software tools like Zoom, Adobe, Slack, or even banking websites.

Once clicked, the ad might:

  • Take you to a fake login page that steals your credentials
  • Download malware disguised as a legitimate app
  • Lead to a phishing site designed to trick you or your employees

What This Means for Casual Users

For everyday internet users, the danger lies in speed and habit. We’ve all learned to click the top result when searching. But if that result is a malicious ad? You could be compromising your personal information with just one click.

Tips to protect yourself:

  • Pause before clicking ads – Look for the tiny “Ad” label in search results.
  • Type in official URLs manually – Especially when visiting banks or downloading software.
  • Use an ad blocker – While not foolproof, it can reduce exposure to malicious ads.
  • Keep your system updated – Software patches often fix vulnerabilities that malware exploits.
  • Have antivirus and anti-malware tools running – And make sure they’re current.

What This Means for Business Users

For businesses, the stakes are even higher. One careless click from an employee could:

  • Infect your network with ransomware
  • Open the door to a data breach
  • Compromise client or financial information
  • Damage your reputation and bottom line

Citynet recommends the following for business protection:

  • Security Awareness Training – Make sure your team knows how to spot and report suspicious ads and phishing attempts.
  • Use Secure DNS & Filtering Tools – These can block malicious sites before the browser even loads them.
  • Implement Email & Web Gateways – Filter inbound threats from both search and email sources.
  • Keep Endpoints Monitored & Patched – Vulnerable devices are easy targets.
  • Partner with a Managed Security Provider – Like Citynet! We offer cybersecurity solutions tailored to West Virginia businesses, with local support you can trust.

Final Thoughts: Trust, But Verify

Search engines are still useful – but the days of blind trust are over. Whether you’re searching for a recipe or running a small business, the threat of malvertising is real and growing.

At Citynet, we’re committed to keeping you connected, protected, and informed. If you have questions about cybersecurity or want to learn how we can help safeguard your home or business, reach out to us today.

Citynet connects. Citynet protects. Citynet perfects.
Beware of Online Scams: Free Games, Fake Jobs, and Phony Reviews
By in

Beware of Online Scams: Free Games, Fake Jobs, and Phony Reviews

The internet is full of exciting opportunities, but it’s also a hunting ground for cybercriminals looking to steal personal information. One recent scam highlights how easily people can be tricked—cybercriminals are offering a “free” video game, only for users to unknowingly download malware onto their devices.

The "Free Game" Scam

A new scam involves an online job offer claiming that you can get paid to monitor in-game chats in a free game called “PirateFi.” The offer seems enticing: download the game, watch chat activity, and receive payment. Unfortunately, this game is just a front for malware. Instead of earning easy money, unsuspecting users end up installing malware that steals their web browser data, including login credentials and personal information. The cybercriminals then use or sell this stolen data for financial gain, leaving the victim empty-handed and vulnerable to identity theft.

Other Sneaky Tactics Scammers Use

Scammers don’t just stop at fake job postings. They have a variety of tricks to lure unsuspecting users into their traps. Here are some other common scams to watch out for:

  • Fake Product Reviews
    Ever seen an online post asking you to leave a review in exchange for a free product? Some of these offers come with strings attached, such as requiring you to provide personal information or click on malicious links. Scammers use these tactics to either steal your data or boost their own fraudulent operations.
  • Phony Job Offers with Software Downloads
    Scammers may pose as recruiters offering high-paying jobs but require applicants to download software to “test” their skills or complete onboarding. The downloaded files often contain spyware, ransomware, or other forms of malware that compromise your system and data.
  • Fake Customer Support Requests
    Some scams involve impersonating customer support representatives who claim you need to install software to fix an issue on your device. These scammers may reach out via email, text, or even fake pop-ups on your screen, leading you to install malware or give away sensitive login credentials.
  • Phishing Scams Masquerading as Giveaways
    Scammers frequently create fake contests or giveaways, promising valuable rewards in exchange for personal information or social media engagement. Once they have your details, they can use them to carry out identity theft or further scams.

Protect Yourself from Online Scams

At Citynet, we take cybersecurity seriously, and as a KnowBe4 partner, we help individuals and businesses stay aware of the latest threats. Follow these simple guidelines to avoid falling victim to online scams:

  • Be cautious when downloading new software. Always verify the source and use updated antivirus protection.
  • Don’t fall for ‘too good to be true’ deals. If an offer promises easy money or free products with no effort, it’s likely a scam.
  • Avoid downloading software as a job requirement. If a recruiter or employer asks you to install a program before hiring you, it’s a red flag.
  • Think before you click. Be skeptical of unsolicited messages asking for personal information or urging you to act quickly.
  • Stay informed. Cybercriminals constantly evolve their tactics. Educate yourself and your team about cybersecurity best practices.

Citynet provides advanced cybersecurity solutions and training to protect your business and personal data. As a KnowBe4 partner, we help organizations defend against phishing attacks, social engineering scams, and malware threats.

If you want to learn more about securing your digital world, contact Citynet today!

Stay safe, stay smart, and stay secure!

Stay Ahead of Cyber Threats with Citynet & Huntress
By in

Stay Ahead of Cyber Threats with Citynet & Huntress

Cybersecurity threats are evolving at an alarming rate, and businesses of all sizes must remain vigilant against cybercriminals who are constantly looking for vulnerabilities to exploit. At Citynet, we understand the critical need for proactive security solutions that go beyond traditional antivirus and firewall protections. That’s why we’ve partnered with Huntress, a leading cybersecurity platform, to offer our customers an advanced layer of defense against cyber threats.

What is Huntress?

HuntressHuntress is a powerful cybersecurity platform designed to detect and respond to persistent threats that evade conventional security measures. It continuously monitors your IT environment, identifying hidden footholds, unauthorized access, and malware that could compromise your business. With its managed detection and response (MDR) capabilities, Huntress ensures that your organization is protected 24/7.

How Citynet and Huntress Protect Your Business

Icon: Alert
Threat Detection & Response

Huntress actively hunts for malicious activity, analyzing suspicious behavior and stopping threats before they cause damage.

Icon: Ransomware
Ransomware Protection

Huntress provides early detection of ransomware attacks, preventing them from spreading and mitigating damage to your systems.

Icon: Shield
Incident Response & Remediation

If a breach occurs, Huntress provides expert-driven remediation steps to remove the threat and restore security.

Icon: Monitor
Continuous Monitoring

24/7 surveillance ensures that threats are detected and neutralized in real-time, giving you peace of mind.

Why Choose Huntress-Powered Security Solutions Expertly Deployed by Citynet?

Cyber threats don’t take a break, and neither do we. With Citynet and Huntress, you get a proactive, fully managed security solution that keeps your business secure without the need for an in-house cybersecurity team. Our expert team is always available to support you, so that your network remains safe, secure, and running smoothly.

Don’t wait until a cyberattack disrupts your business – take action today. Contact us to learn more about how Citynet and Huntress can fortify your cybersecurity defense.

Tips for Staying Alert Against Cyber Threats
By in

Tips for Staying Alert Against Cyber Threats

Cybercriminals are constantly evolving their tactics to trick you into revealing sensitive information or compromising your security. Take a moment to review these key security tips and remember—when in doubt, verify before you act!

For ongoing security updates and best practices, follow Citynet on Facebook.

Stay secure, stay smart, and keep cybercriminals out!

Caller ID Can Be Spoofed

Do not trust phone numbers displayed on incoming calls. Attackers can make a call appear as though it’s coming from a trusted source (IT, your bank, or even your boss). If in doubt, hang up and call back using an official number.

Phishing Emails

Look for Red Flags.   Before clicking on links or downloading attachments, watch for:
  • Unexpected or urgent requests (e.g., “Your account will be locked!”)
  • Misspellings, odd grammar, or generic greetings like “Dear Customer”
  • Mismatched or suspicious-looking sender addresses

Verify Internal Employees

Social Engineering is on the Rise

  • Attackers are now impersonating internal employees to gain access to systems or sensitive data. Be cautious when:
  • Receiving an unusual request via email, Webex, SMS, or phone (e.g., password resets, financial transactions, or file access).
  • An employee asks you to share information that seems unusual or urgent.
  • You get a call from IT support or management asking you to install software or change settings.

Use Personal Verification Questions
If you’re unsure whether someone is legitimate, ask a specific question only that person would know the answer to before providing information or access. Some examples:

  • For coworkers: “What project did we last work on together?”
  • For IT support: “What case number was my last request?”
  • For managers: “What was discussed in our last meeting?”

Always verify through an alternate method (such as calling the employee at their known extension) before acting.

Watch Out! Google Search Results Are Not Always Safe

Cybercriminals manipulate search rankings to make fake customer support numbers and malicious sites appear at the top. Always get phone numbers from official company websites and not from a Google search.

Remember:
  • Report suspicious emails to your IT department.
  • Directly call the person or a team member who handles IT security for your organization if you have doubts.
  • Stay vigilant and never rush when dealing with requests for personal or company information requests.
Remember, cybersecurity is a shared responsibility!

Keep up with more security tips and information by following Citynet on Facebook.

Protecting Your Personal Information on Your Smart TV
By in

Protecting Your Personal Information on Your Smart TV

Smart TVs have become a staple in many homes, offering convenient access to streaming services, apps, and even smart home integrations. However, just like your computer or smartphone, your TV can collect data, track viewing habits, and be vulnerable to cyber threats.

From voice assistants and built-in cameras to automatic content recognition (ACR) and third-party apps, your smart TV might be sharing more personal information than you realize. Without the right precautions, hackers, advertisers, and even cybercriminals could gain access to your data, putting your privacy at risk.

The good news? You can take simple steps to protect yourself. Here are 12 essential security and privacy tips to keep your personal information safe while enjoying your favorite shows and events:

  1. Adjust Privacy Settings – Review your TV’s privacy settings. Disable features you don’t need, like voice commands, camera access, and activity tracking.
  2. Disable Automatic Content Recognition (ACR) – ACR tracks what you watch to recommend content or serve ads. Turn this off in the TV’s settings to limit data collection.
  3. Keep Software Updated – Regularly update your TV’s firmware to protect against known security vulnerabilities.
  4. Use Strong Passwords – Set strong, unique passwords for streaming services, Wi-Fi, and any other connected apps on your TV.
  5. Be Cautious with App Permissions – Only download trusted apps. Check the permissions apps request and deny any unnecessary access.
  6. Turn Off Features When Not in Use – Disable the TV’s microphone, camera, or internet connection when not in use. Consider using physical covers for cameras.
  7. Avoid Using Public Wi-Fi – If you connect your TV to Wi-Fi, make sure it’s a secure, password-protected network to prevent unauthorized access.
  8. Enable Network Encryption – Use WPA2 or WPA3 encryption on your home Wi-Fi network to secure data transmitted to and from your TV.
  9. Monitor Account Activity – Regularly check for suspicious activity on your streaming accounts, such as unrecognized logins or recently watched shows.
  10. Enable Two-Factor Authentication (2FA) – If available, enable 2FA for apps on your TV to add an extra layer of protection to your accounts.
  11. Avoid Sharing Sensitive Info – Avoid entering sensitive information (like payment details) directly on your TV. Use a secure device like a phone or computer instead.
  12. Use a VPN (Optional) – If you want extra security, consider a VPN to encrypt your internet connection on the TV.

These precautions can help minimize the risks of data theft, unauthorized access, and privacy invasion on your smart TV.

Happy watching! Be sure to share this information with friends and family, and follow Citynet on Facebook to get the latest security info and tips.